[libvirt] [PATCH 0/5] qemu: Use FW descriptors to report FW image paths

Fri Sep 13 10:25:38 UTC 2019

On Mon, Aug 05, 2019 at 06:14:20PM +0200, Michal Privoznik wrote:

[...]

> Michal Prívozník (5):
>   virfirmware: Expose and define autoptr for virFirmwareFree
>   qemu_firmware: Document qemuFirmwareGetSupported
>   qemu_firmware: Extend qemuFirmwareGetSupported to return FW paths
>   qemufirmwaretest: Test FW path getting through
>     qemuFirmwareGetSupported()
>   qemu: Use FW descriptors to report FW image paths

[...]

Tested-by: Kashyap Chamarthy <kchamart at redhat.com>

I've just tested this patchset on Fedora 30.  (I too can reproduce the
behaviour Cole saw - duplicate 'secboot' binaries.)

Build libvirt with this:

    $> git describe
    v5.7.0-107-gb6e6d35f3f

Stop the system libvirt daemons:

    $> systemctl stop libvirtd virtlockd virtlogd

Start the daemons built from Git:

    $> sudo ./run src/virtlockd &
    $> sudo ./run src/virtlogd &
    $> sudo ./run src/libvirtd &

Make sure your EDK2/OVMF RPM has the 'secboot' binaries/VARS files:

    $> rpm -q edk2-ovmf
    edk2-ovmf-20190501stable-3.fc30.noarch

    $> rpm -ql edk2-ovmf | grep secboot
    /usr/share/OVMF/OVMF_CODE.secboot.fd
    /usr/share/OVMF/OVMF_VARS.secboot.fd
    /usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
    /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd

(The top two files are a symlink to the bottom two.)

Before invoking domCapabilities API, ensure the relevant firmware
descriptor files for x86_64 have the secboot binary listed:

    $> grep CODE.secboot /usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json /usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json
    /usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json:            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
    /usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json:            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",

Now run 'domcapabilities' (with 'q35'):

    $> sudo tools/virsh domcapabilities --machine q35 --arch x86_64
    [...]
    <os supported='yes'>
      <enum name='firmware'>
        <value>bios</value>
        <value>efi</value>
      </enum>
      <loader supported='yes'>
        <value>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</value>
        <value>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</value>
        <value>/usr/share/edk2/ovmf/OVMF_CODE.fd</value>
        <value>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</value>
        <value>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-with-csm.fd</value>
        <enum name='type'>
          <value>rom</value>
          <value>pflash</value>
        </enum>
        <enum name='readonly'>
          <value>yes</value>
          <value>no</value>
        </enum>
        <enum name='secure'>
          <value>yes</value>
          <value>no</value>
        </enum>
      </loader>
    </os>
    [...]

-- 
/kashyap